Total
21765 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2019-1010003 | 1 Leanote | 1 Leanote | 2019-07-12 | 3.5 LOW | 6.1 MEDIUM |
Leanote prior to version 2.6 is affected by: Cross Site Scripting (XSS). | |||||
CVE-2019-1010314 | 1 Gitea | 1 Gitea | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
Gitea 1.7.2, 1.7.3 is affected by: Cross Site Scripting (XSS). The impact is: execute JavaScript in victim's browser, when the vulnerable repo page is loaded. The component is: repository's description. The attack vector is: victim must navigate to public and affected repo page. | |||||
CVE-2019-13562 | 1 Dlink | 2 Dir-655, Dir-655 Firmware | 2019-07-12 | 4.3 MEDIUM | 6.1 MEDIUM |
D-Link DIR-655 C devices before 3.02B05 BETA03 allow XSS, as demonstrated by the /www/ping_response.cgi ping_ipaddr parameter, the /www/ping6_response.cgi ping6_ipaddr parameter, and the /www/apply_sec.cgi html_response_return_page parameter. | |||||
CVE-2018-13809 | 1 Siemens | 4 Cp 1604, Cp 1604 Firmware, Cp 1616 and 1 more | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
A vulnerability has been identified in CP 1604 (All versions), CP 1616 (All versions). The integrated web server of the affected CP devices could allow Cross-Site Scripting (XSS) attacks if unsuspecting users are tricked into following a malicious link. User interaction is required for a successful exploitation. At the time of advisory publication no public exploitation of this vulnerability was known. | |||||
CVE-2018-19579 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 3.5 LOW | 5.4 MEDIUM |
GitLab EE version 11.5 is vulnerable to a persistent XSS vulnerability in the Operations page. This is fixed in 11.5.1. | |||||
CVE-2018-19493 | 1 Gitlab | 1 Gitlab | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in GitLab Community and Enterprise Edition 11.x before 11.3.11, 11.4.x before 11.4.8, and 11.5.x before 11.5.1. There is a persistent XSS vulnerability in the environment pages due to a lack of input validation and output encoding. | |||||
CVE-2018-17147 | 1 Nagios | 1 Nagios Xi | 2019-07-11 | 3.5 LOW | 4.8 MEDIUM |
Nagios XI before 5.5.4 has XSS in the auto login admin management page. | |||||
CVE-2019-8920 | 1 Apachefriends | 1 Xampp | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
iart.php in XAMPP 1.7.0 has XSS, a related issue to CVE-2008-3569. | |||||
CVE-2012-0891 | 1 Puppet | 2 Puppet Dashboard, Puppet Enterprise | 2019-07-11 | 4.3 MEDIUM | N/A |
Multiple cross-site scripting (XSS) vulnerabilities in Puppet Dashboard 1.0 before 1.2.5 and Enterprise 1.0 before 1.2.5 and 2.x before 2.0.1 allow remote attackers to inject arbitrary web script or HTML via unspecified fields. | |||||
CVE-2017-6217 | 1 Paypal | 1 Adaptive Payments Sdk | 2019-07-11 | 4.3 MEDIUM | 6.1 MEDIUM |
paypal/adaptivepayments-sdk-php v3.9.2 is vulnerable to a reflected XSS in SetPaymentOptions.php, resulting in code execution. | |||||
CVE-2017-18364 | 1 Frank-karau | 1 Phpfk | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
phpFK lite has XSS via the faq.php, members.php, or search.php query string or the user.php user parameter. | |||||
CVE-2019-5967 | 1 Joruri | 1 Joruri Cms 2017 | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Cross-site scripting vulnerability in Joruri CMS 2017 Release2 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. | |||||
CVE-2019-13472 | 1 Phpwind | 1 Phpwind | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
PHPWind 9.1.0 has XSS vulnerabilities in the c and m parameters of the index.php file. | |||||
CVE-2019-13186 | 1 1234n | 1 Minicms | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
In MiniCMS V1.10, stored XSS was found in mc-admin/post-edit.php via the tags box. An attacker can use it to get a user's cookie. This is different from CVE-2018-10296, CVE-2018-16233, and CVE-2018-20520. | |||||
CVE-2018-12623 | 1 Eventum Project | 1 Eventum | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter. | |||||
CVE-2018-12626 | 1 Eventum Project | 1 Eventum | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter. | |||||
CVE-2018-12625 | 1 Eventum Project | 1 Eventum | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter. | |||||
CVE-2018-12622 | 1 Eventum Project | 1 Eventum | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter. | |||||
CVE-2018-12627 | 1 Eventum Project | 1 Eventum | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter. | |||||
CVE-2019-13397 | 1 Enhancesoft | 1 Osticket | 2019-07-10 | 4.3 MEDIUM | 6.1 MEDIUM |
Unauthenticated Stored XSS in osTicket 1.10.1 allows a remote attacker to gain admin privileges by injecting arbitrary web script or HTML via an arbitrary file extension while creating a support ticket. |